If it’s not in Entra, it doesn’t exist—to your policies, dynamic groups, or audit logs. Missing user metadata like `department`, `title`, or `usageLocation` can silently break downstream automations and cause inconsistencies that are hard to debug.
This post walks through how to audit Entra ID user profiles using PowerShell and Microsoft Graph, flagging any accounts with incomplete or empty property fields.
⚙️ Prerequisites
- PowerShell 7+
- Microsoft Graph PowerShell SDK
- Admin permissions to Microsoft Entra ID
```powershell
Install-Module Microsoft.Graph -Scope CurrentUser
Connect-MgGraph -Scopes "User.Read.All", "Directory.Read.All"
```
Note: This audit only needs read access, so no write scope such as `User.ReadWrite.All` is required.
🔍 Properties We’re Auditing
We’ll be checking each user for the following missing or blank fields:
- `department`
- `jobTitle`
- `usageLocation`
- `manager`
- Optional: `mobilePhone`, `officeLocation`
You can customize this based on your environment.
🛠️ PowerShell Script
```powershell
# Scalar properties are requested with -Property and checked by name.
$propertiesToCheck = @("Department", "JobTitle", "UsageLocation", "MobilePhone", "OfficeLocation")
$results = @()

# Manager is a relationship, not a scalar property, so it has to be expanded.
$users = Get-MgUser -All -ExpandProperty Manager -Property "Id,DisplayName,UserPrincipalName,Department,JobTitle,UsageLocation,MobilePhone,OfficeLocation"

foreach ($user in $users) {
    $missingProps = @()
    foreach ($prop in $propertiesToCheck) {
        if (-not $user.$prop) {
            $missingProps += $prop
        }
    }
    # $user.Manager is an object even when no manager is assigned, so test its Id.
    if (-not $user.Manager.Id) {
        $missingProps += "Manager"
    }
    if ($missingProps.Count -gt 0) {
        $results += [PSCustomObject]@{
            DisplayName       = $user.DisplayName
            UserPrincipalName = $user.UserPrincipalName
            MissingProperties = ($missingProps -join ", ")
        }
    }
}
$results | Format-Table -AutoSize
```
The Results
```text
PS C:\Users\logphile> New-SmartUser $propertiesToCheck = @("Department", "JobTitle", "UsageLocation", "Manager", "MobilePhone", "OfficeLocation")
>> $results = @()
>> $users = Get-MgUser -All -Property "Id,DisplayName,UserPrincipalName,Department,JobTitle,UsageLocation,Manager,MobilePhone,OfficeLocation"
>> foreach ($user in $users) {
>> $missingProps = @()
>> foreach ($prop in $propertiesToCheck) {
>> if (-not $user.$prop) {
>> $missingProps += $prop
>> }
>> }
>> if ($missingProps.Count -gt 0) {
>> $results += [PSCustomObject]@{
>> DisplayName = $user.DisplayName
>> UserPrincipalName = $user.UserPrincipalName
>> MissingProperties = ($missingProps -join ", ")
>> }
>> }
>> }
>> $results | Format-Table -AutoSize

DisplayName                 UserPrincipalName Missing Properties
-----------                 ----------------- ------------------
Warren Worthington          [email protected] UsageLocation
Hank McCoy                  [email protected] UsageLocation
Piotr Nikolayevich Rasputin [email protected] UsageLocation
Scott Summers               [email protected] UsageLocation
Bobby Drake                 [email protected] UsageLocation
Jean Grey                   [email protected] UsageLocation
Kurt Wagner                 [email protected] OfficeLocation
Phil Boyce                  [email protected] Department, JobTitle, MobilePhone, OfficeLocation
Charles Xavier              [email protected] UsageLocation
James Howlett               [email protected] UsageLocation
```
📤 Exporting to CSV (Optional)
```powershell
$results | Export-Csv -Path "EntraUserAudit.csv" -NoTypeInformation
```
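The list above separates the core properties from the optional ones; the following added example (not part of the original post) carries that split into the report, so a missing `usageLocation` ranks above a missing `mobilePhone`. The function name `Get-ProfileGap`, the `Severity` column and the sample users are assumptions made for illustration, and the sample objects are constructed so the block runs without a tenant.

```powershell
# Added example: Get-ProfileGap and Severity are illustrative names, not from the post.
function Get-ProfileGap {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        [string[]] $RequiredProperty = @('Department', 'JobTitle', 'UsageLocation', 'Manager'),
        [string[]] $OptionalProperty = @('MobilePhone', 'OfficeLocation')
    )
    process {
        # Missing means null, empty or whitespace. Manager is a nested object,
        # so its Id is tested rather than the object itself.
        $isMissing = {
            param($name)
            $value = if ($name -eq 'Manager') { $User.Manager.Id } else { $User.$name }
            [string]::IsNullOrWhiteSpace([string]$value)
        }
        $missingRequired = @($RequiredProperty | Where-Object { & $isMissing $_ })
        $missingOptional = @($OptionalProperty | Where-Object { & $isMissing $_ })
        if (($missingRequired.Count + $missingOptional.Count) -gt 0) {
            [PSCustomObject]@{
                UserPrincipalName = $User.UserPrincipalName
                Severity          = if ($missingRequired.Count -gt 0) { 'Required' } else { 'Optional' }
                MissingRequired   = $missingRequired -join ', '
                MissingOptional   = $missingOptional -join ', '
            }
        }
    }
}

# Constructed sample objects shaped like expanded Get-MgUser output (not real accounts).
$mgr = [PSCustomObject]@{ Id = '00000000-0000-0000-0000-000000000001' }
$sample = @(
    [PSCustomObject]@{ UserPrincipalName = 'complete@contoso.example'; Department = 'IT'; JobTitle = 'Engineer'
                       UsageLocation = 'US'; Manager = $mgr; MobilePhone = '555-0100'; OfficeLocation = 'HQ' }
    [PSCustomObject]@{ UserPrincipalName = 'nomanager@contoso.example'; Department = ' '; JobTitle = 'Analyst'
                       UsageLocation = 'US'; Manager = [PSCustomObject]@{ Id = $null }; MobilePhone = $null; OfficeLocation = 'HQ' }
    [PSCustomObject]@{ UserPrincipalName = 'nophone@contoso.example'; Department = 'HR'; JobTitle = 'Recruiter'
                       UsageLocation = 'US'; Manager = $mgr; MobilePhone = $null; OfficeLocation = '' }
)

$gaps = $sample | Get-ProfileGap
$gaps | Sort-Object Severity -Descending | Format-Table -AutoSize

# Count gaps per property to see which field drifts most.
$gaps | ForEach-Object { ($_.MissingRequired, $_.MissingOptional) -split ', ' } |
    Where-Object { $_ } | Group-Object -NoElement | Sort-Object Count -Descending
```

Against a live tenant, pipe the output of `Get-MgUser -All -ExpandProperty Manager -Property ...` into the function in place of `$sample`.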
🧠 Why This Matters
- Broken dynamic group rules
- License assignment failures
- Inaccurate compliance or org charts
- Missed automation triggers
Directory drift happens quietly. This gives you visibility and control.
🚀 Ideas to Extend This
- Auto-tag users with `profileStatus = incomplete`
- Send Teams alerts or email summaries
- Schedule via Azure Automation or GitHub Actions
📎 Resources
- Microsoft Graph PowerShell SDK Docs
- User Resource Type - Microsoft Graph
- Graph Query Parameters Reference
After several years as a stay-at-home dad, I’m working my way back into the tech field—brushing up on tools, learning what’s changed, and sharing the journey along the way. This blog is part learning tool, part signal to employers, and part proof of work. Thanks for reading!